TRENDING

In the cloud, good policy enforcement makes good neighbors

By Rutrell Yasin

Jul 15, 2011

Technology that supports a concept called mandatory access control could help strengthen access control rights in a multitenant cloud in which users fear being left guessing about their exposure to security events elsewhere in the cloud.

With mandatory access control, policies are centrally enforced by a security administrator, and users do not have the ability to override. The policy will indicate who has access to which programs and files.

The technology might come into play, for example, when agencies outsource hosting to an infrastructure-as-a-service provider. In such cases, they maintain access to the systems because they own the operating system and the applications loaded into the cloud provider’s servers. But they lose access to the security events, in addition to status and security patch levels associated with the infrastructure.

With the cloud, “you lose that hardware stack visibility, and you now have to trust — without the ability to verify — what is going on,” said Doug Chabot, vice president and principal solutions architect at QinetiQ North America. What cloud users really want is to have the same holistic view of their operations that they had on premises in their data centers, he said.

If cloud providers are limiting the cloud user’s view of their resource pools — power, memory and storage — the cloud user might have a myopic view of what is happening below the hardware level. In a perfect world, a cloud provider would be able to separate all the affected tenant’s data, logs and events and feed them to the tenant’s security operations center. Otherwise, during a security event, there might be a big black hole.

“So if there were a compromise to a cloud infrastructure, you might not know about it,” Chabot said. “That is not acceptable."

The technology to fill those blind spots is not mature yet, Chabot said. However, it is being addressed by tools such as IBM’s Secure Hypervisor or VMware’s vGate. These can help maintain proper separation of multitenants through the operating system down to the hypervisor level, Chabot said. Hypervisors allow multiple operating systems to run concurrently on a host machine.

“Mandatory access control attempts to label datasets and services in such a way that absolute policy is enforced,” Chabot said.